Archive for October, 2006

After much fighting with XMail and repeated failure, I fell back on the MTA I know best (Postfix) and the local delivery and authentication I know least (mostly because, prior to installing XMail on the old server, I never had to bother with it).

So, after checking around I found a fairly well-documented Postfix + Courier-IMAP + SASL + MySQL How-To for Gentoo. While it is specific in some regards to Gentoo, the majority of the instructions should be fairly straightforward to transfer to other *nixes.

Anyway, mail is working again, at least mostly. I still need to replace some aliases and a distribution list, but that’s all pretty simple normally, and with the MySQL db added in the mix it gets even easier, since Postfix is looking to the db for virtual domains, users, aliases, relocated mappings, everything. How much simpler can it get?

Now, if there were just one package that combined all the mail functions (kind of like XMail) and integrated with MySQL and came with decent documentation and installed from one package … Maybe Courier will move beyond version 0.53 someday and become more of a player.

Replacing the old PIII 733MHz server with a slightly less old PIII 1GHz server was mostly very straightforward. That in and of itself doesn’t seem like much, until you consider that the old server was running a stripped out Vector with a chrooted lampp, and the replacement is running Gentoo with the traditional one-tool-at-a-time type installation.

It was mostly simple, since every single tool I use has a Gentoo ebuild. Everything seemed to be going just fine, until I discovered the hard way that the Gentoo ebuild for XMail is b0rked. :-/

Well, since it is way past my bedtime I am going to put it down for the night and try to tackle it tomorrow. But, until I get it working all mail to evardsson.com and talkingfox.com will bounce. Sorry.

While there are a good deal of serious answers about tools, platforms, methods, skills and so forth, the gem that made me chuckle was the response from Guido van Rossum to the question “What do you think is the most important skill every programmer should possess?”:

I guess being able to cook an egg for breakfast is invaluable.


The PoC is an integer overflow-based heap overflow, in the DSA_SetItem function in COMCTL32.DLL. An arithmetic overflow can occur during multiplication to calculate the desired size for a call to ReAlloc, that isn’t reproduced during a subsequent call to memmove, so the allocated size can be smaller than the copy size and result in a heap buffer overflow. …

This vulnerability can result in remote code execution in the context of the logged-in user. In order to exploit this, an attacker must create a malicious website or leverage a site that allows for custom user content.

While the vulnerability was posted on the Browser Fun Blog on July 18th, the exploit first appeared over the weekend. The Microsoft Security Advisory has details on how to patch manually and how to apply the manual change to group policy.
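The size-calculation mismatch described above, as an added example that is not part of the original post and is not COMCTL32's code: a hypothetical growable array (`darray`, `unchecked_bytes`, `checked_bytes` and `darray_set_item` are illustrative names) showing how a 32-bit multiplication wraps to a tiny allocation size, and how a checked multiplication rejects the request before anything is reallocated or copied.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable array; names are illustrative, not COMCTL32's. */
struct darray {
    unsigned char *data;
    uint32_t count;     /* items currently allocated */
    uint32_t item_size; /* bytes per item */
};

/* The flawed pattern: a 32-bit product that silently wraps. */
uint32_t unchecked_bytes(uint32_t count, uint32_t item_size) {
    return count * item_size;
}

/* Hardened: refuse any product that does not fit in 32 bits. */
bool checked_bytes(uint32_t count, uint32_t item_size, uint32_t *out) {
    if (item_size != 0 && count > UINT32_MAX / item_size)
        return false;
    *out = count * item_size;
    return true;
}

/* Store one item at index, growing the array if needed.
 * Returns 0 on success, -1 on a rejected size or allocation failure. */
int darray_set_item(struct darray *a, uint32_t index, const void *item) {
    uint32_t bytes;
    if (a->item_size == 0 || index == UINT32_MAX)
        return -1;
    if (index >= a->count) {
        if (!checked_bytes(index + 1, a->item_size, &bytes))
            return -1; /* size would wrap: reject before realloc */
        unsigned char *p = realloc(a->data, bytes);
        if (p == NULL)
            return -1;
        a->data = p;
        a->count = index + 1;
    }
    /* The offset is bounded by the checked allocation size above. */
    memcpy(a->data + (size_t)index * a->item_size, item, a->item_size);
    return 0;
}

int main(void) {
    uint32_t b = 0; /* constructed inputs: 0x10000001 items of 16 bytes */
    printf("wrapped size: %u, checked ok: %d\n",
           (unsigned)unchecked_bytes(0x10000001u, 16),
           (int)checked_bytes(0x10000001u, 16, &b));
    return 0;
}
```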

Although it has been said many, many times, be careful how you surf. Make sure your machine is patched, you have anti-virus and spyware blockers, blah blah blah.

Well, if a picture is worth a thousand words, then maybe this video will shed some light on the subject (sorry – it is an ad for McAfee, which I neither use nor recommend – just my personal preference).